Make no mistake, the regulations in America will also change (towards cyber privacy), as self-regulation has not worked for the industry.

You may have needed a security policy for PCI (Payment Card Industry) compliance in the past, but many regulations today and tomorrow will require you to write down what your policies are, hence the need for a security policy.

Good news on that front: at Fixvirus.com we have a spring cleaning special. From April through May we will offer our Alpha scan at half price.

If you need to just discuss some cybersecurity first, contact us and the half off still stands: half off consulting time and materials, up to 10 hours.

There are many projects we are involved in, but we have a strict policy of not discussing our projects with the world. For the right project, we are willing to make monetary concessions so that we can use your project as an example in our marketing efforts. We would never divulge details, just general items such as:

Company ABC has improved its security policy and performed Alpha scan due diligence.

Malware is becoming more sophisticated, and it is difficult if not impossible to catch every virus/malware that is constantly being created.

If this is a true statement: "My IT department will not catch all malware that is being created", even with anti-virus, a next-gen firewall and more, now what?

We have to try to detect the malware as fast as possible after it infects the computer, and then react to it.

But you say: what do you mean? I catch all the viruses and malware... I have anti-virus and a new firewall that inspects network traffic, I have anti-spam which removes all the known viruses.

OK, let me grant you this: 100% of all KNOWN viruses and malware are caught by your awesome people and technologies. Known only.

Are you familiar with new attacks that can exploit software before it has been patched? They are otherwise known as zero-day or 0-day attacks.

I have discussed this before at my blog Oversitesentry¹. Zero-days are very dangerous as there is no defense against them. So at this point I want to show you our difficulty in defending the network and computers:

From a YouTube video of Pablo Breuer at CircleCityCon²:

For example: at any one point in time, 0.001% of people (1 out of 100,000) can write one 0-day exploit per year (this is a reasonable timeframe).

We know China is very interested in cyber warfare, stealing secrets, making money, etc. There are 1.357 billion people in China (2013) as per Google.

So therefore there will be 13,570 0-days written in a year. Let's say 85% of these 0-days are caught by our defenses because the attack looks similar to a currently known virus (which we detect) or is otherwise blocked.

So 85% of 13,570 = 11,535 detected zero-days.

So unfortunately 2,036 0-day attacks will not be identified.

And now you know why the attacker has the advantage: it is hard to keep up with 2000+ new attacks per year, almost 6 per day.

I have said this before (attacker advantage)³:

Offense only has to be right once to penetrate successfully, whereas the defender has to be right 365 days of the year.

We have our work cut out for us, as every IT function must work just right; this is too important and thus must get audited by a separate entity like us.

Contact me, Tony Zafiropoulos, at 314-504-3974 to get the conversation started and to increase your focus on the things that matter: detect and react.

At Fixvirus.com we will help you design your own cybersecurity department, or help you with just enough cybersecurity.

What do I mean by 'just enough cybersecurity'?

I think it is safe to say that most of us do not think about the security of our phones, computers and tablets. On the whole, people want their electronic devices to work.

Is this indicative of what we want in our companies? Do we expect the IT department to keep us safe and secure? We don't want to think about this; we just want it to happen.

So what to do? Why does the IT department need oversight? Because testing their abilities in a nice way tells them they are doing a good job, and tells you the IT job is being done well.

You can still get hacked, but at least the i's were dotted and the t's crossed.

The key, in our environments anyway, is what happens after the hacker is in. You don't want them to steal anything and get away with it. You have to set up methods to detect when a hacker is doing their work and shut down the exfiltration (the stealing of data to an external machine).

So to start, we have to audit the environment and count all the computers before doing the next steps.

Audit the environment: count the computers and find out what is running on them (count computers = find them all and review what is running on each).

Audit the software, since just knowing the hardware (or, for virtual machines, the server instances) is not enough. We must know the type and version of software running, since a vulnerability alert can put PCI compliance in jeopardy. The criminal hacker is looking for your software, so you should know what is in your environment as well.

Doing vulnerability assessments means trying to uncover unpatched software in your environment (just like the criminal hacker would do, and like you are supposed to do for PCI compliance, HIPAA compliance and all other governance), as it only makes sense.
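The three steps above (count the hosts, record what software and versions run on each, then compare against what should be patched) can be reconciled with a small script. The following is an added example, not Fixvirus.com's code or tooling; the inventory and the patch baseline are constructed for illustration (in practice they would come from your asset-discovery tool and from vendor advisories), and the version comparison is a simple dotted-number comparison with a letter suffix, not a full vendor versioning scheme.

```python
"""Reconcile a software inventory against a patch baseline (constructed example)."""
import re
from dataclasses import dataclass

# Constructed inventory: host -> {product: installed version}.
# A host with an empty dict was found on the network but no software list was collected.
INVENTORY = {
    "web-01":  {"openssh": "8.4", "nginx": "1.18.0", "openssl": "1.1.1k"},
    "web-02":  {"openssh": "9.3", "nginx": "1.24.0", "openssl": "3.0.9"},
    "db-01":   {"openssh": "8.4", "postgresql": "13.2"},
    "kiosk-7": {},
}

# Constructed patch baseline: product -> minimum version considered patched.
BASELINE = {
    "openssh": "9.0",
    "nginx": "1.20.0",
    "openssl": "1.1.1t",
    "postgresql": "13.10",
}

_COMPONENT = re.compile(r"^(\d+)([a-z]*)$")


def parse_version(v: str):
    """Turn '1.1.1k' into ((1, ''), (1, ''), (1, 'k')) so components compare numerically."""
    parts = []
    for comp in v.split("."):
        m = _COMPONENT.match(comp)
        if not m:
            raise ValueError(f"unparseable version component {comp!r} in {v!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if installed version a is older than required version b (missing components count as 0)."""
    pa, pb = list(parse_version(a)), list(parse_version(b))
    n = max(len(pa), len(pb))
    pa += [(0, "")] * (n - len(pa))
    pb += [(0, "")] * (n - len(pb))
    return pa < pb


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    installed: str
    required: str


def find_unpatched(inventory, baseline):
    """Every (host, product) whose installed version is below the baseline."""
    findings = []
    for host, software in sorted(inventory.items()):
        for product, installed in sorted(software.items()):
            required = baseline.get(product)
            if required is not None and version_lt(installed, required):
                findings.append(Finding(host, product, installed, required))
    return findings


def hosts_without_inventory(inventory):
    """Hosts that were counted but whose software was never audited: the audit is incomplete there."""
    return sorted(h for h, sw in inventory.items() if not sw)


def summarize(inventory, baseline):
    findings = find_unpatched(inventory, baseline)
    return {
        "hosts": len(inventory),
        "hosts_without_inventory": hosts_without_inventory(inventory),
        "unpatched": findings,
        "hosts_with_unpatched": sorted({f.host for f in findings}),
    }


if __name__ == "__main__":
    s = summarize(INVENTORY, BASELINE)
    print(f"{s['hosts']} hosts counted; {len(s['hosts_with_unpatched'])} with unpatched software")
    for f in s["unpatched"]:
        print(f"  {f.host}: {f.product} {f.installed} is below required {f.required}")
    for h in s["hosts_without_inventory"]:
        print(f"  {h}: no software inventory collected, audit incomplete")
```

Run as written it reports five unpatched entries on two hosts, and separately calls out the host with no software inventory, which matters because a host you counted but never audited is exactly the gap an attacker (or a PCI assessor) will find first.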

What about the zero-day attacks, the attacks that cannot be patched because the hackers found a problem that can be exploited before a fix exists? Well, for these situations we have to have a detect and monitor program. Check the logs and check the network traffic, which means a SIEM (Security Information and Event Management system) and an IPS (Intrusion Prevention System).

Although SIEM and IPS systems will not prevent all attacks, they will prevent a lot, and with vigilance and enough resources we can keep up with attacks on our environment.

[Image from NIST (National Institute of Standards and Technology) 800-37 documents¹]

If risk management is to work properly in an entity, it must be assessed with enough time to review all your data and your usage of computers.

So yes, the first thing one must do is to find out what your information technology is and how it is being used. Don't just learn what is running on each computer, but rate each item by its risk factor:

You must classify data from high importance to low importance.

High-importance data can then be properly classified into cyber risk categories.

We will review each step of the path to better cybersecurity again and again, as that is what we are all about.

There is malware that can infect hard drive firmware and then perform other tasks.

At page 23, #14 says:


"14. What C&C infrastructure do the Equation group implants use?

The Equation group uses a vast C&C infrastructure that includes more than 300 domains and more than 100 servers. The servers are hosted in multiple countries, including the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and Czech Republic.

All C&C domains appear to have been registered through the same two major registrars, using “Domains By Proxy” to mask the registrant’s information.

Kaspersky Lab is currently sinkholing a couple dozen of the 300 C&C servers."

C&C means command and control.

The infected hard drive means nothing without being able to "phone home". Since the implant has to contact its C&C server, we can detect that traffic, and once we detect it we can stop the transmission: an IPS or Next Generation Firewall, properly configured, can block the malware's connection.
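The "phone home" is the detection opportunity. Two checks a SIEM or IPS would run over outbound proxy or DNS logs are shown in the following added example, which is not Fixvirus.com's or Kaspersky's code: matching destinations against a blocklist of known C&C domains (the kind a sinkhole operator publishes), and flagging a client that contacts the same destination at a steady interval, which is the beaconing pattern of an implant whose domain is not yet on any list. The log lines, the log format and the blocklist domains are all constructed; the page names none of the real Equation group domains, so none appear here.

```python
"""Spot command-and-control traffic in outbound proxy logs (constructed example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed blocklist of known C&C domains (placeholders, not real indicators).
CC_BLOCKLIST = {"cc-node-1.example.invalid", "cc-node-2.example.invalid"}

# Constructed log, one event per line: "<UTC timestamp> <client ip> <destination host> <bytes out>"
PROXY_LOG = """\
2015-02-17T08:00:00Z 10.0.0.12 www.example.com 1532
2015-02-17T08:00:05Z 10.0.0.12 cdn.example.com 98213
2015-02-17T08:10:00Z 10.0.0.12 update-srv.example.invalid 412
2015-02-17T08:20:01Z 10.0.0.12 update-srv.example.invalid 409
2015-02-17T08:29:59Z 10.0.0.12 update-srv.example.invalid 415
2015-02-17T08:40:00Z 10.0.0.12 update-srv.example.invalid 411
2015-02-17T08:15:00Z 10.0.0.31 mail.example.com 2201
2015-02-17T08:16:30Z 10.0.0.31 cc-node-2.example.invalid 77
2015-02-17T08:30:00Z 10.0.0.44 www.example.com 1532
2015-02-17T09:05:00Z 10.0.0.44 www.example.com 1498
2015-02-17T11:00:00Z 10.0.0.44 www.example.com 1511
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, client, dest, bytes) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, nbytes = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, dest.lower(), int(nbytes)))
    return sorted(events)


def in_blocklist(dest, blocklist):
    """Exact match or a subdomain of a listed domain; 'notcc-node-1...' must not match 'cc-node-1...'."""
    return any(dest == d or dest.endswith("." + d) for d in blocklist)


def blocklist_hits(events, blocklist):
    """Check 1: every contact with a known C&C domain, ready to alert on or block at the IPS."""
    return [(ts.isoformat(), client, dest) for ts, client, dest, _ in events if in_blocklist(dest, blocklist)]


def detect_beacons(events, min_events=4, max_cv=0.1):
    """Check 2: (client, dest) pairs contacted at a near-constant interval.

    A coefficient of variation (stddev / mean of the gaps) at or below max_cv means
    the timing is too regular for a human; min_events keeps one-off pairs out.
    """
    by_pair = defaultdict(list)
    for ts, client, dest, _ in events:
        by_pair[(client, dest)].append(ts)
    beacons = []
    for (client, dest), times in sorted(by_pair.items()):
        if len(times) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append((client, dest, round(avg), len(times)))
    return beacons


if __name__ == "__main__":
    events = parse_log(PROXY_LOG)
    for ts, client, dest in blocklist_hits(events, CC_BLOCKLIST):
        print(f"BLOCKLIST {ts} {client} -> {dest}")
    for client, dest, period, n in detect_beacons(events):
        print(f"BEACON {client} -> {dest} every ~{period}s ({n} contacts)")
```

The blocklist check fires on 10.0.0.31 immediately; the beacon check catches 10.0.0.12 calling an unlisted host every ten minutes with tiny, near-identical payloads, while the three irregular visits from 10.0.0.44 stay quiet. Legitimate software update checks beacon too, so the period threshold and an allowlist of known updaters are the tuning work that turns this from noise into an IPS block rule.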

Contact us to help you with setting up your IPS, or with purchasing an IPS system that works for you.